The "Most Sophisticated Mac Spyware Ever" Is Being Peddled on The Dark Web

A sign of things to come.

BEC CREW

13 JUN 2017

Two separate malware products for Macs have gone up for sale on the dark web - a shadowy corner of the internet that's only accessible through networks such as Tor - and experts are warning that they could be the first of many.

While many Mac users assume they're safe because the vast majority of viruses are built to target PCs, the appearance of MacSpy and MacRansom emphasises the case for having a virus protector for Apple's Mac operating system, called macOS, to keep your system as safe as possible.

"I think it's a natural progression that's not that surprising to see. But in some ways, yes, it's kind of a milestone."

A couple of weeks ago, experts first noticed the appearance of two hidden MacSpy and MacRansom websites, and since then, samples have been obtained by security firms Fortinet and AlienVault to reveal what each product is capable of.

While neither product appears to have anywhere near the sophistication of viruses that currently target PCs, it's thought that MacRansom could be the first ransomware-as-a-service program ever developed for macOS.

According to AlienVault, MacSpy is also one of the first of its kind on macOS, and as you can see in the screenshot above, it's being marketed as "the most sophisticated Mac spyware ever".

That might sound impressive, but when there's barely any competition right now on Macs, you don't have to do much to claim that title - both Fortinet and AlienVault concluded that the products are likely the work of an inexperienced coder.

But that doesn't mean they can't cause some trouble if you find your computer infected.

Like WannaCry, which recently launched a devastating ransomware attack on an estimated 230,000 PCs in 150 countries on only its first day, MacRansom claims to facilitate the encryption of other people's data, only to be released upon payment.

As the International Business Times reports, the product is being marketed as being for "people who want to covertly retaliate another Mac user (sic)" and "people who want to earn easy money from unsuspecting family members, friends, colleagues, and classmates."

The idea is that the software will lock a user's system, and present them with a pop-up window saying the files have been encrypted and will be deleted unless a specific ransom is paid.

The program reportedly demands a payment of 0.25 bitcoin - about US$670 - to decrypt the data.

"It is not every day that we see new ransomware specifically targeting Mac OS platform," Fortinet's Rommel Joven and Wayne Chin Yick Low write in a blog post.

"Even if it is far inferior from most current ransomware targeting Windows, it doesn't fail to encrypt victim's files or prevent access to important files, thereby causing real damage."

MacSpy, on the other hand, claims to be able to capture screenshots every 30 seconds, log every keystroke, access synced iPhone photos, record sounds even without the microphone turned on, and obtain history and download data from Safari and Chrome, itnews.com.au reports.

"Once installed, there will be no digital trace that can be associated with you," the website claims.

So what should you do about these nascent threats? If you're a Mac user and you're feeling paranoid, the good news is these products should be easily identified by any good virus protector.

And if you bought your Mac on the assumption that you'd never have to worry about buying a virus protector, we hear you - it sucks.

But this could be a sign that macOS's relatively tiny market share is no longer a deterrent for malicious coders looking to wreak havoc, and sooner or later, you'll probably be pleased you did own that antivirus software anyway.